Bulk Inviting Guests to an Azure Tenant

Background

One of our customers recently moved from their pay-as-you-go subscription into CSP.

Moving the subscription was fairly straightforward. However, subscriptions don't carry over any of the service principals, users, guest accounts, or applications; those stay in the existing tenant.

But wait, isn't there a bulk invite option in the Azure portal?

The answer is convoluted. Microsoft offered a bulk-invite option in preview until near 2019.

That actually serves as the basis for this post: how do I get hundreds of users from the old tenant into my new tenant without individually adding them?

PowerShell to the rescue!

There is a module, AzureADPreview, that provides methods to reinvite users to the new tenant. They have to accept the invitation, of course, but after that it is a one-and-done utility.


Preparation steps

  1. Verify you have the Global Administrator or User Account Administrator role in the new Azure AD environment
  2. Export users from the old tenant using the Download users option in the Azure AD -> Users blade
  3. Save the CSV for later
  4. Get the directory name of the new tenant: switch directory to the new tenant, and it should be available at the top of the Azure Active Directory pane

Example: the following code reads the saved CSV and sends an invite in the new tenant:



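param (
    [String] $domain,
    [String] $csvPath
)

# [String] parameters default to an empty string, not $null, so test for empty.
if ([string]::IsNullOrWhiteSpace($domain))
{
    $domain = Read-Host -Prompt "Enter the directory name of the tenant. Example: example.onmicrosoft.com"
}
if ([string]::IsNullOrWhiteSpace($csvPath))
{
    $csvPath = Read-Host -Prompt "Please provide the path of the CSV of the downloaded users"
}

# Import the module; install it for the current user first if it is missing.
try {
    Import-Module AzureADPreview -ErrorAction Stop
}
catch
{
    Install-Module AzureADPreview -Scope CurrentUser -Force
    Import-Module AzureADPreview -ErrorAction Stop
}

Connect-AzureAD -TenantDomain $domain

# Look up the target group once, before the loop.
$group_obj = Get-AzureADGroup -SearchString "Guest_Reader"

# Import-Csv consumes the header row and handles quoted fields that contain commas.
Import-Csv -Path $csvPath | ForEach-Object {
    # Column 1 is the display name and column 3 is the email address.
    $val = @($_.PSObject.Properties.Value)

    $user_invited = New-AzureADMSInvitation -InvitedUserDisplayName $val[1] -InvitedUserEmailAddress $val[3] -InviteRedirectURL "https://myapps.azure.com" -SendInvitationMessage $true

    # Optional: add the invited guest to the group.
    Add-AzureADGroupMember -ObjectId $group_obj.ObjectId -RefObjectId $user_invited.InvitedUser.Id
}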

Optional: you can add your users to an Azure AD group in the new tenant so they can have access to resources or subscriptions after accepting.


$group_obj = Get-AzureADGroup -SearchString "Guest_Reader"
Add-AzureADGroupMember -ObjectId $group_obj.ObjectId -RefObjectId $user_invited.InvitedUser.Id
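
Because every row in the CSV becomes an invitation and a membership in a group that grants access, it is worth filtering the export before any invite is sent. The following is an added example, not code from the original post: `Get-InviteCandidate` is a hypothetical helper, and the column names `displayName`, `mail` and `accountEnabled`, the allow-listed domain and the sample rows are assumptions to adjust to your own export.

```powershell
# Added example, not the post's code. Function name and column names
# (displayName, mail, accountEnabled) are assumptions; adjust to your export.
function Get-InviteCandidate {
    param (
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Row,
        [Parameter(Mandatory)] [string[]] $AllowedDomain
    )
    begin { $seen = @{} }   # hashtable keys compare case-insensitively
    process {
        $mail = "$($Row.mail)".Trim()
        # Parse the address; an empty or invalid value throws and is rejected.
        try { $addr = [System.Net.Mail.MailAddress] $mail } catch { $addr = $null }

        $reason = if (-not $addr -or $addr.Address -ne $mail) { 'missing or malformed mail' }
        elseif ($AllowedDomain -notcontains $addr.Host) { "domain '$($addr.Host)' not on allow-list" }
        elseif ("$($Row.accountEnabled)" -eq 'False') { 'account disabled in old tenant' }
        elseif ($seen.ContainsKey($mail)) { 'duplicate address' }
        else { $null }

        if (-not $reason) { $seen[$mail] = $true }
        [pscustomobject]@{
            DisplayName = $Row.displayName
            Mail        = $mail
            Invite      = -not $reason
            Reason      = $reason
        }
    }
}

# Constructed sample rows for illustration (not real accounts).
$sample = @'
userPrincipalName,displayName,surname,mail,accountEnabled
alice@contoso.example,Alice Ng,Ng,alice@contoso.example,True
jdoe@contoso.example,"Doe, John",Doe,jdoe@contoso.example,True
svc-backup@contoso.example,Backup Service,,,True
old.user@contoso.example,Old User,User,old.user@contoso.example,False
alice2@contoso.example,Alice Ng (dup),Ng,ALICE@contoso.example,True
eve@unknown.example,Eve Vale,Vale,eve@unknown.example,True
'@ | ConvertFrom-Csv

$report = $sample | Get-InviteCandidate -AllowedDomain 'contoso.example'
$report | Format-Table -AutoSize                 # review skipped rows and reasons
$toInvite = $report | Where-Object { $_.Invite } # only these rows should be invited
```

For a real run, replace the sample with `Import-Csv -Path $csvPath` and pass only the rows in `$toInvite` to the invitation loop.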